I will be traveling and will not have time for posts until June. If you sent any files to me recently and I did not post / did not reply, please accept my sincere apologies, it has been a busy period.
Please continue to share and upload files to Contagio Community and Contagio Mobile dump where it will be available immediately to others via the main download link posted there.
I hope you all have a great end of spring and glorious summer.
P.S. If you are looking for something that is not listed, feel free to email and ask, I might have it.
There are already quite a few samples of this recently patched exploit in the wild, including those targeting USA companies. This particular sample is targeting the Uyghur Congress, which is "an international organization aspiring to represent .. exiled Uyghur (Turkish ethnic group) people both inside and outside of the Xinjiang Autonomous Region of the People's Republic of China." ~ Wikipedia. The text of the email cannot be translated with online translators, but judging by the content of the attachment, it is meant to look like an invitation for the World Uyghur Assembly.
More often than not, interesting samples come at the wrong time, when I cannot analyze them due to various reasons such as being busy with something else. I was planning to look at it this weekend but it did not happen, so here it is: CVE-2012-0779. Analyze it, write signatures, add detection to your filters. If you post an analysis, please send your link and I will add it. I will just post a few details about the file.
Operation Cleanup Japan (OCJP) (【報告】オペレーション「Cleanup Japan」 / #OCJPとは？) is the project initiated by Hendrik Adrian to make the Japanese internet safer through exposure of badware sites and data, the shutdown of malicious sites, and helping the Japanese community learn from security professionals about how to recognize and prevent malware.
0DAY.JP <http://unixfreaxjp.blogspot.com/> is the project blog and it is in Japanese. We will link to his publications via Google translation and provide you with the relevant samples. This will be an ongoing post with future updates. Please support OCJP and enjoy.
P.S. Contact Hendrik if you have difficulty understanding Google translation of some words or need help with screenshots. IE and Chrome handle the translated text formatting better than Firefox. Except when indicated otherwise, I did not analyze these samples and might not be able to answer questions.